Did you ever get this to work? I have not.
On Tuesday, January 7, 2014 at 6:16:37 PM UTC-5, Adam Morris wrote:
>
> The solution I went with is not perfect, but pretty good... My
> localaccounts task has two main user tasks in it (they take lists of users
> and are identical apart from one aspect). The lists are provided with
> Linux style password hashes.
> The first section runs only on Linux hosts and takes the hash as is.
> The second one runs only on AIX and replaces password={{item.password}}
> with password={{item.password | replace("$1$", "{smd5}") | replace("$5$",
> "{ssha256}") | replace("$6$", "{ssha512}") }}
>
> This replaces the Linux style encryption identifier $[1|5|6]$ with the AIX
> equivalent {s[md5|sha256|sha512]}
>
> Adam
>
> On Tuesday, January 7, 2014 12:10:43 PM UTC-8, Romeo Theriault wrote:
>>
>> On Tue, Jan 7, 2014 at 7:47 AM, Adam Morris <[email protected]> wrote:
>>
>>>
>>>
>>> On Monday, January 6, 2014 4:33:57 PM UTC-8, Romeo Theriault wrote:
>>>>
>>>> Not sure I'm going to answer your question but I'd recommend that you
>>>> use the highest level of password encryption your version of unix
>>>> supports.
>>>> On modern Linux boxes this is SHA512. I'm not sure about AIX. I don't
>>>> *believe* openssl passwd allows you to generate SHA512 encrypted
>>>> passwords.
>>>> I use the python library passlib [1] for this. Easy enough to do:
>>>>
>>>
>>> Thanks Romeo, AIX can handle SMD5, SHA-256 and SHA-512... (plus blowfish
>>> on the server I checked), so I could say that we should use SHA-512 going
>>> forward. That still leaves me with the question as to how I handle them...
>>> Do I store an AIX password and a Linux password for every user, do I munge
>>> the passwords when I use them, or do I add a potentially ugly hack to
>>> Ansible that would take care of the issue?
>>>
>>> I'm leaning towards the second option myself... It's not entirely
>>> clean, but it does seem like a reasonable way to go.
>>>
>>
>> If, like you suggested, AIX passwords just have something prepended to them
>> I'd just store one SHA512 password and interpolate the needed prefix on the
>> AIX boxes.
>>
>> --
>> Romeo
>>
>